Horizon3.ai has just published VMware Authentication Bypass Vulnerability (CVE-2022-22972) Technical Deep Dive. The detailed analysis of the inner workings of a critical authentication bypass vulnerability in VMware Workspace ONE Access, Identity Manager and vRealize Automation products (CVE-2022-22972). This vulnerability allows an attacker to login as any known local user.
Horizon3.ai Exploit Developer James Horseman notes in his summary: “CVE-2022-22972 is a relatively simple Host header manipulation vulnerability. Motivated attackers would not have a hard time developing an exploit for this vulnerability.” Horseman cites results of a Shodan.io search indicating “the healthcare, education industry, and state government sectors all seem to be a fair amount of the types of organizations that have exposures – putting them at larger risk for current and future exploitation.”
If you haven’t done so already, you should apply the updates that are available to mitigate this vulnerability.
The list of affected products are:
- VMware Workspace ONE Access (Access)
- VMware Identity Manager (vIDM)
- VMware vRealize Automation (vRA)
- VMware Cloud Foundation
- vRealize Suite Lifecycle Manager
There is also a workaround detailed here for those who can’t patch all the things immediately.
Horizon3.ai Named to New Cyber 60 List
Posted in Commentary with tags Horizon.ai on December 18, 2023 by itnerdHorizon3.ai, a leading provider of autonomous security solutions, today announced that it has been named to the Fortune Cyber 60 2023 list. The Fortune Cyber 60 is a new listing of the most important venture-backed startups that offer enterprise-grade cybersecurity solutions. Horizon3.ai was added to the Early-growth-stage companies category and is the only company on the list that offers an autonomous penetration testing solution like NodeZero™.
The Horizon3.ai NodeZero platform is a SaaS-based autonomous penetration testing solution used to continuously assess an enterprise’s attack surface. NodeZero helps organizations uncover exploitable vulnerabilities, weak and/or reused credentials, deficient security controls, exposed data, misconfigurations, weak security policies, and dangerous product defaults that exist within their networks. NodeZero chains these weaknesses together to discover attack paths an attacker could use to compromise user accounts, applications, domains, on-premises devices, and cloud resources.
To construct the Fortune Cyber 60 list, Lightspeed Venture Partners surveyed over 300 cybersecurity startups based on market data provided by Pitchbook. Lightspeed requested data regarding revenue and current and prior year growth rates and sorted the companies that responded according to their ARR, followed by growth rate, and prior year growth rate as tiebreakers.
About Horizon3.ai
The NodeZero™ platform empowers organizations to continuously find, fix, and verify exploitable attack surfaces. It is the flagship product of Horizon3.ai, founded in 2019 by former industry and U.S. National Security veterans. Our mission is to help organizations see their networks through the eyes of the attacker and proactively fix problems that truly matter, improve the effectiveness of their security initiatives, and ensure that they are prepared to respond to real cyberattacks.
Visit https://www.horizon3.ai/ for more information.
Leave a comment »